Utilizing data reduction in steganographic and cryptographic system

ABSTRACT

The present invention relates to methods for protecting a data signal using the following techniques: applying a data reduction technique to reduce the data signal into a reduced data signal; subtracting the reduced data signal from the data signal to produce a remainder signal; embedding a first watermark into the reduced data signal to produce a watermarked, reduced data signal; and adding the watermarked, reduced data signal to the remainder signal to produce an output signal. A second watermark may be embedded into the remainder signal before the final addition step. Further, cryptographic techniques may be used to encrypt the reduced data signals and to encrypt the remainder signals before the final addition step. The present invention also relates to a system for securing a data signal including: computer devices for applying a data reduction technique to reduce the data signal into a reduced data signal; means to subtract the reduced data signal from the data signal to produce a remainder signal; means to apply a first cryptographic technique to encrypt the reduced data signal to produce an encrypted, reduced data signal; means to apply a second cryptographic technique to encrypt the remainder signal to produce an encrypted remainder signal; and means to add the encrypted, reduced data signal to the encrypted remainder signal to produce an output signal.

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation of pending U.S. patent applicationSer. No. 11/519,467, which is a divisional of U.S. patent applicationSer. No. 09/594,719 (issued as U.S. Pat. No. 7,123,718), filed Jun. 16,2000, which is a continuation-in-part of International Application No.PCT/US00/06522, filed Mar. 14, 2000, which PCT application claimedpriority to U.S. Provisional Application No. 60/125,990, filed Mar. 24,1999. The previously identified patents and/or patent applications arehereby incorporated by reference, in their entireties. This applicationalso claims the benefit of the following applications: pending U.S.patent application Ser. No. 09/046,627 (issued as U.S. Pat. No.6,598,162), filed Mar. 24, 1998, entitled “Method for Combining TransferFunction with Predetermined Key Creation”; pending U.S. patentapplication Ser. No. 09/053,628 (issued as U.S. Pat. No. 6,205,249),filed Apr. 2, 1998, entitled “Multiple Transform Utilization andApplication for Secure Digital Watermarking”; pending U.S. ProvisionalPatent Application Ser. No. 60/169,274 (which corresponds to U.S. patentapplication Ser. No. 09/731,040 which issued as U.S. Pat. No.7,159,116), filed Dec. 7, 1999, entitled “Systems, Methods and Devicesfor Trusted Transactions”; and pending U.S. Patent Application Ser. No.60/147,134 (which corresponds to U.S. patent application Ser. No.10/049,101 which issued as U.S. Pat. No. 7,475,246), filed Aug. 4, 1999,entitled, “A Secure Personal Content Server.” All of the patentapplications previously identified in this paragraph are herebyincorporated by reference, in their entireties.

FIELD OF THE INVENTION

This invention relates to digital signal processing, and moreparticularly to a method and a system for encoding at least one digitalwatermark into a signal as a means of conveying information relating tothe signal and also protecting against unauthorized manipulation or useof the signal.

BACKGROUND OF THE INVENTION

Many methods and protocols are known for transmitting data in digitalform for multimedia applications (including computer applicationsdelivered over public networks such as the interne or World Wide Web(“WWW”). These methods may include protocols for compression of data,such that it may more readily and quickly be delivered over limitedbandwidth data lines. Among standard protocols for data compression ofdigital files may be mentioned the MPEG compression standards for audioand video digital compression, promulgated by the Moving Picture ExpertsGroup. Numerous standard reference works and patents discuss suchcompression and transmission standards for digitized information.

Digital watermarks help to authenticate the content of digitizedmultimedia information, and can also discourage piracy. Because piracyis clearly a disincentive to the digital distribution of copyrightedcontent, establishment of responsibility for copies and derivativecopies of such works is invaluable. In considering the various forms ofmultimedia content, whether “master,” stereo, NTSC video, audio tape orcompact disc, tolerance of quality will vary with individuals and affectthe underlying commercial and aesthetic value of the content. It isdesirable to tie copyrights, ownership rights, purchaser information orsome combination of these and related data into the content in such amanner that the content must undergo damage, and therefore reduction ofits value, with subsequent, unauthorized distribution, commercial orotherwise. Digital watermarks address many of these concerns. A generaldiscussion of digital watermarking as it has been applied in the art maybe found in U.S. Pat. No. 5,687,236 (whose specification is incorporatedin whole herein by reference).

Such prior art applications have been drawn to providing basic digitalwatermarking functionality. For instance, it has been known to providean apparatus or method for encoding or decoding independent information,including a digital watermark, represented as a series of data bits intoor out of a series of digitized samples, wherein the apparatuscontained:

-   -   a) a sample buffer for holding, accessing, and transforming        digitized samples;    -   b) a digital signal processor for performing sample        modifications and spectral transformations;    -   c) a memory for storing information representing:        -   1) a mask set, including one or more masks,        -   2) a start of message delimiter (wherein at least one of the            masks in question, or the start of message delimiter, are            random or pseudo-random),        -   3) a mask calculation buffer,        -   4) a first buffer holding the independent information,        -   5) an information bit index,        -   6) a message size, representing an amount of information,        -   7) one index into each of said one or more masks,        -   8) a state of a decoding process,        -   9) a table representing a map function,        -   10) a flag indicating whether a complete message has been            decoded or encoded,        -   11) a number of samples for reading into said sample buffer,            and        -   12) a flag indicating a size of a message that has been            decoded;    -   d) a first input for acquiring a plurality of digital samples;    -   e) a first output for outputting a plurality of modified digital        samples;    -   f) a second input for inputting a plurality of values to the one        or more masks, the start of message delimiter, the mask        calculation buffer, the first buffer, the table and the number        of samples;    -   g) a third output for outputting the independent information        stored in the first buffer as a result of the decoding process        and a value of the state of the decoding process to an attached        digital circuit;    -   h) one or more data buses for transferring information from:        -   1) the first input to the sample buffer,        -   2) the sample buffer to the digital signal processor,        -   3) the digital signal processor to the sample buffer,        -   4) the sample buffer to the first output,        -   5) the second input to the memory, and        -   6) the memory to the third output; and    -   i) a clock for generating a clock signal for driving the digital        signal processor and the data bus(es), and for controlling the        operation of the apparatus.

Further applications of basic digital watermarking functionality havealso been developed. Examples of such applications are shown in U.S.Pat. No. 5,889,868 (whose specification is incorporated in whole hereinby reference). Such applications have been drawn, for instance, toimplementations of digital watermarks that were deemed most suited toparticular transmissions, or particular distribution and storagemediums, given the nature of digitally sampled audio, video, and othermultimedia works. There have also been developed techniques for adaptingwatermark application parameters to the individual characteristics of agiven digital sample stream. and for implementation of digitalwatermarks that are feature-based—i.e., a system in which watermarkinformation is not carried in individual samples, but is carried in therelationships between multiple samples, such as in a waveform shape. Forinstance, natural extensions may be added to digital watermarks that mayalso separate frequencies (color or audio), channels in 3D whileutilizing discreteness in feature-based encoding only known to thosewith pseudorandom keys (i.e., cryptographic keys) or possibly tools toaccess such information, which may one day exist on a quantum level.

A matter of general weakness in digital watermark technology relatesdirectly to the manner of implementation of the watermark. Manyapproaches to digital watermarking leave detection and decode controlwith the implementing party of the digital watermark, not the creator ofthe work to be protected. This weakness removes proper economicincentives for improvement of the technology. One specific form ofexploitation mostly regards efforts to obscure subsequent watermarkdetection. Others regard successful over encoding using the samewatermarking process at a subsequent time. Yet another way to performsecure digital watermark implementation is through “key-based”approaches.

This paper draws a distinction between a “forensic watermark,” based onprovably-secure methods, and a “copy control” or “universal” watermarkwhich is intended to be low cost and easily implemented into any generalcomputing or consumer electronic device. A watermark can be forensic ifit can identify the source of the data from which a copy was made. Forexample, assume that digital data are stored on a disk and provided to“Company A” (the “A disk”). Company A makes an unauthorized copy anddelivers the copy to “Company B” (the “B disk”). A forensic watermark,if present in the digital data stored on the “A disk,” would identifythe “B disk” as having been copied from the “A disk.”

On the other hand, a copy control or universal watermark is an embeddedsignal which is governed by a “key” which may be changed (a “sessionkey”) to increase security, or one that is easily accessible to devicesthat may offer less than strict cryptographic security. The “universal”nature of the watermark is the computationally inexpensive means foraccessing or other associating the watermark with operations that caninclude playback, recording or manipulations of the media in which it isembedded.

A fundamental difference is that the universality of a copy controlmechanism, which must be redundant enough to survive many signalmanipulations to eliminate most casual piracy, is at odds with the fargreater problem of establishing responsibility for a given instance of asuspected copying of a copyrighted media work. The more dedicatedpirates must be dealt with by encouraging third party authenticationwith “forensic watermarks” or those that constitute “transactionalwatermarks” (which are encoded in a given copy of said content to bewatermarked as per the given transaction).

The goal of a digital watermark system is to insert a given informationsignal or signals in such a manner as to leave little or no evidence ofthe presence of the information signal in the underlying content signal.A separate but equal goal is maximizing the digital watermark's encodinglevel and “location sensitivity” in the underlying content signal suchthat the watermark cannot be removed without damage to the contentsignal.

One means of implementing a digital watermark is to use key-basedsecurity. A predetermined or random key can be generated as a map toaccess the hidden information signal. A key pair may also be used. Witha typical key pair, a party possesses a public and a private key. Theprivate key is maintained in confidence by the owner of the key, whilethe owner's public key is disseminated to those persons in the publicwith whom the owner would regularly communicate. Messages beingcommunicated, for example by the owner to another, are encrypted withthe private key and can only be read by another person who possesses thecorresponding public key. Similarly, a message encrypted with theperson's public key can only be decrypted with the corresponding privatekey. Of course, the keys or key pairs may be processed in separatesoftware or hardware devices handling the watermarked data.

Two conventional techniques for providing key-based confidentialityand/or authentication currently in use involve reciprocal andnon-reciprocal encrypting. Both systems use non-secret algorithms toprovide encryption and decryption, and keys that are used by thealgorithm.

In reciprocal algorithm systems, such as DES, the same key and algorithmis used both to encrypt and decrypt a message. To assure confidentialityand authenticity, the key should be known only to the sending andreceiving computers, and were traditionally provided to the systems by“secure” communication, such as courier.

In the prior art there have been developed systems wherein a common keymay be developed by the sender and receiver using non-securecommunications. In such systems, as described in U.S. Pat. Nos.4,200,770, 5,375,169 and 5,583,939, each party to a communicationgenerates a numerical sequence, operates on the sequence and transfersthe result to the other party. By further operation using thetransferred result and the locally generated sequence, each party candevelop the identical encyphering key, which cannot be obtained from thetransferred results alone.

As implemented for use over the interne, the most common prior artencryption systems are those denoted by the Secure Socket Layer (SSL)and IPSEC protocols.

In non-reciprocal systems, such as described in U.S. Pat. No. 4,218,582,a first party to a communication generates a numerical sequence and usesthat sequence to generate non-reciprocal and different encrypting anddecrypting keys. The encrypting key is then transferred to a secondparty in a non-secure communication. The second party uses theencrypting key (called a public key because it is no longer secure) toencrypt a message that can only be de-crypted by the decrypting keyretained by the first party. The key generation algorithm is arrangedsuch that the decrypting key cannot be derived from the publicencrypting key. Similar methods are known for using non-reciprocal keysfor authentication of a transmission. In this application, thenon-secure “public” key is used to a message that has been encryptedusing a secure “private” key known only to the originating party. Inthis method the receiving party has assurance that the origination ofthe message is the party who has supplied the “public” decrypting key.Prior art systems for key generation have often relied uponsupposedly-random or quasi-random numbers generated by a fixedmathematical algorithm.

Adaptations of key systems specifically used in conjunction with digitalwatermarking have been developed, as disclosed in, for example, U.S.Pat. No. 5,822,432 (which is incorporated in whole herein by reference).Such adaptations have included, for instance, providing methods for thehuman-assisted generation and application of pseudorandom keys for thepurpose of encoding and decoding digital watermarks to and from adigitized data stream. In such methods, a pseudorandom key and keyapplication “envelope” may be generated and stored using guidelineparameters input by a human engineer interacting with a graphicalrepresentation of the digitized data stream. Key “envelope” informationis permanently associated with the pseudo-random binary stringcomprising the key. Key and “envelope” information may then be appliedin a digital watermark system to the encoding and decoding of digitalwatermarks. Such a method can improve encoding and decoding with digitalwatermarks by providing: separation of the encoder from the decoder;increased information capacity (relative to spread spectrum methods);destruction or degradation of content when attempts to erase watermarkstake place; detection of presence of watermarks without ability toaccess watermark information; multi-channel watermark capability; use ofvarious classes of keys for watermark access control; support foralternative encoding, decoding, or other component algorithms; and/oruse of a digital notary to authenticate and time stamp watermarkcertificates.

While, as described above, various prior art approaches do exist forimplementation of digital watermarking (though not necessarily forforensic or copy control use), there are additional desirable featuresfor digital watermarking systems that are not currently believed to beavailable. For instance, it would be desirable to be able to secure adata signal by using data reduction techniques to reduce the data signalinto a reduced data signal; in conjunction with cryptographictechniques, so that an output signal can reliably and efficiently besecurely delivered.

It would further be advantageous to user remainder signals (produced bydata reduction techniques) as a vehicle for performing encryption uponand using in conjunction with encrypting/decrypting of a data signal tobe secured.

It would likewise be desirable to combine data reduction techniques toreduce a data signal into a reduced data signal; produce a remaindersignal from the data signal; and then embed complementary watermarks inreduced data signal and the remainder signal, for effective and securedelivery of an output signal.

It would still further be desirable to combine scrambling techniques inconjunction with data reduction techniques such that data signals can bereduced and transmitted on a secured basis.

It would likewise be desirable to provide cost-efficient and universalsystems for digital watermarking, and to provide systems adaptable bothto copy protection and forensic tracing of “pirated” data signals todetect and deter unauthorized copyists thereof.

It would also be desirable to provide a system of digital watermarkingthat is highly compatible with known and future methods for compressionof data used in conjunction with electronic transmission thereof. Itwould further be desirable to provide digital watermarking techniques inconjunction with known and effective “key” systems for cryptography anddata signal protection.

The prior art does not meet these needs.

SUMMARY OF THE INVENTION

The present invention provides a method of securing a data signal whichcomprises the steps of: applying a data reduction technique to reducethe data signal into a reduced data signal; embedding a first watermarkinto said reduced data signal to produce a watermarked, reduced datasignal; and adding said watermarked, reduced data signal to saidremainder signal to produce an output signal.

The present invention also provides a method of securing a data signalwhich comprises the steps of: applying a data reduction technique toreduce the data signal into a reduced data signal; subtracting saidreduced data signal from the data signal to produce a remainder signal;embedding a first watermark into said reduced data signal to produce awatermarked, reduced data signal; embedding a second watermark into saidremainder signal; to produce a watermarked remainder signal; and addingsaid watermarked, reduced data signal to said watermarked remaindersignal to produce an output signal.

The present invention also provides a method of securing a data signalwhich comprises the steps of: applying a data reduction technique toreduce the data signal into a reduced data signal; subtracting saidreduced data signal from the data signal to produce a remainder signal;using a first scrambling technique to scramble said reduced data signalto produce a scrambled, reduced data signal; using a second scramblingtechnique to scramble said remainder signal to produce a scrambledremainder signal; and adding said scrambled, reduced data signal to saidscrambled remainder signal to produce an output signal.

The present invention also provides a method of securing a data signalwhich comprises the steps of: applying a data reduction technique toreduce the data signal into a reduced data signal; subtracting saidreduced data signal from the data signal to produce a remainder signal;using a first cryptographic technique to encrypt the reduced data signalto produce an encrypted, reduced data signal; using a secondcryptographic technique to encrypt the remainder signal to produce anencrypted remainder signal; and adding said encrypted, reduced datasignal to said encrypted remainder signal to produce an output signal.

The present invention also supplies a system for securing a data signalwhich comprises: means to apply a data reduction technique to reduce thedata signal into a reduced data signal; means to subtract said reduceddata signal from the data signal to produce a remainder signal; means toapply a first cryptographic technique to encrypt the reduced data signalto produce an encrypted, reduced data signal; means to apply a secondcryptographic technique to encrypt the remainder signal to produce anencrypted remainder signal; and means to add said encrypted, reduceddata signal to said encrypted remainder signal to produce an outputsignal.

The present invention also supplies a system for securing a data signalwhich comprises: (a) a computer processor; (b) at least one computermemory; (c) a data reduction algorithm; and (d) at least one digitalwatermarking algorithm, wherein said computer processor is supplied withprogramming in conjunction with said computer memory: (I) to apply saiddata reduction algorithm to the data signal to yield a reduced datasignal; and to subtract said reduced data signal from the data signal toproduce a remainder signal; (II) to embed a first watermark into saidreduced data signal by application of said at least one digitalwatermarking algorithm to produce a watermarked remainder signal; and(IV) to add said watermarked, reduced data signal to said watermarkedremainder signal to produce an output signal.

The present invention also provides a method of securing a data signalwhich comprises the steps of: evaluating the data signal to determineits characteristics and reducibility; selecting at least one appropriatedata reduction technique for the data signal based on the data signal'scharacteristics; applying said at least one appropriate data reductiontechnique to the data signal to produce a reduced data signal; embeddingat least one digital watermark in the reduced data signal; and supplyingan output signal corresponding to the data signal, said output signalcomprising said watermark and said reduced data signal.

The present invention also supplies a method for the protection of adata signal, comprising the steps of: (a) defining and analyzing aplurality of data substreams within the data signal; (b) associating atleast one key or key pair with data reduction digital watermarking forat least one of said data substreams; (c) employing said at least onekey or key pairs for at least one step selected from the group of: (i)identifying at least one associated watermark; (ii) encoding at leastone associated watermark; (iii) detecting at least one associatedwatermark; or (iv) decoding at least one associated watermark.

A method for protected distribution of a data file is also provided,which method comprises: (a) embedding one or more digital watermarks inthe data file using data reduction techniques in creating said digitalwatermark; (b) and distributing the digitally watermarked file to an enduser.

Also provided is a method for analyzing a data signal that has beenembedded with at least one digital watermark using a data reductiontechnique, said method comprising: receiving the data signal; processingthe data signal to detect information relative to the digital watermark;analyzing the detected information to determine if the output of thedata signal is authorized; and outputting said data signal if thedetected information establishes that output is authorized.

Also provided is a device for analyzing a data signal that has beenembedded with at least one digital watermark using a data reductiontechnique, said device comprising: an interface for receiving the datasignal; a detector for processing the data signal to detect informationrelative to the at least one digital watermark; an analyzer to analyzethe detected information to determine if output of the data signal isauthorized or unauthorized; and an signal generator to output data ifthe detected information establishes that output is authorized.

There are two design goals in an overall digital watermarking system'slow cost, and universality. Ideally, a method for encoding and decodingdigital watermarks in digitized media for copy control purposes shouldbe inexpensive and universal. This is essential in preventing casualpiracy. On the other hand, a more secure form of protection, such as a“forensic watermarks,” can afford to be computationally intensive todecode, but must be unaffected by repeated re-encoding of a copy controlwatermark. An ideal method for achieving these results would separatethe signal into different areas, each of which can be accessedindependently. The embedded signal or may simply be “watermark bits” or“executable binary code,” depending on the application and type ofsecurity sought. Improvements to separation have been made possible byenhancing more of the underlying design to meet a number of clearlyproblematic issues.

The present invention interprets the signal as a stream which may besplit into separate streams of digitized samples or may undergo datareduction (including both lossy and lossless compression, such as MPEGlossy compression and Meridian's lossless compression, down sampling,common to many studio operations, or any related data reductionprocess). The stream of data can be digital in nature, or may also be ananalog waveform (such as an image, audio, video, or multimedia content).One example of digital data is executable binary code. When applied tocomputer code, the present invention allows for more efficient, secure,copyright protection when handling functionality and associations withpredetermined keys and key pairs in software applications or the machinereadable versions of such code in microchips and hardware devices. Textmay also be a candidate for authentication or higher levels of securitywhen coupled with secure key exchange or asymmetric key generationbetween parties. The subsets of the data stream combine meaningful andmeaningless bits of data which may be mapped or transferred depending onthe application intended by the implementing party. The presentinvention utilizes data reduction to allow better performance inwatermarking as well as cryptographic methods concerning binaryexecutable code, its machine readable form, text and otherfunctionality-based or communication-related applications. Somedifferences may simply be in the structure of the key itself, a pseudorandom or random number string or one which also includes additionalsecurity with special one way functions or signatures saved to the key.The key may also be made into key pairs, as is discussed in otherdisclosures and patents referenced herein. The present inventioncontemplates watermarks as a plurality of digitized sample streams, evenif the digitized streams originate from the analog waveform itself. Thepresent invention also contemplates that the methods disclosed hereincan be applied to non-digitized content. Universally, data reductionadheres to some means of “understanding” the reduction. This disclosurecontemplates data reduction which may include down sampling, lossycompression, summarization or any means of data reduction as a novelmeans to speed up watermarking encode and decode operations. Many formsof data reduction rely upon sampling of a data signal, for instancefrequency or time sampling of a digital audio or video signal. Forexample, a signal may be sampled on a regular basis every x fractions ofa second, where x is arbitrarily chosen, such that representative dataslices of the signal are obtained. Other data reduction techniquesinclude bit depth reduction. Bit depth reduction relies on the fact thatwhen measuring items, scales of different degrees of precision can beused. For example, one can measure things on a scale with three divisionmarks (zero to two), or on a scale of the same magnitude with tendivision marks (zero to nine). Scales with more divisions are of higherprecision than scales with fewer divisions. On a computer, because ofprocessing and storage limitations, numerical values (e.g., numericalvalues relating to a digitized signal) are also represented with varyingdegrees of precision. For example, one can use two bits (a scale of zeroto three) to represent a numerical value or use five bits (a scale ofzero to thirty-one) to represent the same numerical value. The number ofbits used to represent a numerical value is generally referred to as the“bit depth.” Numerical data may be reduced for storage or transmissionby reduction of the bit depth scale.

While any of a number of different data reduction techniques can be usedin conjunction with the present invention, essentially a lossy methodfor data reduction yields the best results for encode and decodeoperations. Data reduction methods should be appropriately chosen withan eye toward the particular type of data signal being reduced. Somedata signals may more readily be reduced than others. For instance, whenthe data reduction technique chosen is a compression technique, it willbe realized that not all data signals or files are equally compressible.For example, there are limits to the degree to which aestheticinformation (such as music or video signals) may be compressed withoutlosing their aesthetic or informational value. Thus, in practicing thepresent invention, techniques can be applied for intelligent selectionof data reduction, and differential data reduction techniques can beselected for differential substreams of an aggregate data stream. Forexample, a computer processor implementing the present invention forprotection of a data signal stream comprising, say, both video and textportions, can be programmed to “split” the aggregate data stream intovideo and text signal substreams, and to apply a first data reductionalgorithm most suitable for video data to the first substream, whileapplying a second data reduction algorithm most suitable for text datato the second substream.

It is desirable to have both copy control and forensic watermarks in thesame signal to address the needs of the hardware, computer, and softwareindustries while also providing for appropriate security to the ownersof the copyrights. This will become clearer with further explanation ofthe sample embodiments discussed herein.

The present invention also contemplates the use of data reduction forpurposes of speedier and more tiered forms of security, includingcombinations of these methods with transfer function functions. In manyapplications, transfer functions (e.g., scrambling), rather than mappingfunctions (e.g., watermarking), are preferable or can be used inconjunction with mapping. With “scrambling,” predetermined keys areassociated with transfer functions instead of mapping functions,although those skilled in the art may recognize that a transfer functionis simply a subset of mask sets encompassing mapping functions. It ispossible that tiered scrambling with data reduction or combinations oftiered data reduction with watermarking and scrambling may indeedincrease overall security to many applications.

The use of data reduction can improve the security of both scramblingand watermarking applications. All data reduction methods includecoefficients which affect the reduction process. For example, when adigital signal with a time or space component is down sampled, thecoefficient would be the ratio of the new sample rate to the originalsample rate. Any coefficients that are used in the data reduction can berandomized using the key, or key pair, making the system more resistantto analysis. Association to a predetermined key or key pair andadditional measure of security may include biometric devices, tamperproofing of any device utilizing the invention, or other securitymeasures.

Tests have shown that the use of data reduction in connection withdigital watermarking schemes significantly reduces the time required todecode the watermarks, permitting increases in operational efficiency.

Particular implementations of the present invention, which have yieldedextremely fast and inexpensive digital watermarking systems, will now bedescribed. These systems may be easily adapted to consumer electronicdevices, general purpose computers, software and hardware. The exchangeof predetermined keys or key pairs may facilitate a given level ofsecurity. Additionally, the complementary increase in security for thoseimplementations where transfer functions are used to “scramble” data, isalso disclosed.

BRIEF DESCRIPTION OF THE FIGURES

For a more complete understanding of the invention and some advantagesthereof, reference is now made to the following descriptions taken inconnection with the accompanying drawings in which:

FIG. 1 is a functional block diagram that shows a signal processingsystem that generates “n” remainder signals and “n” data reducedsignals.

FIG. 2 is a functional block diagram for an embodiment of the presentinvention which illustrates the generation of an output signal comprisedof a data-reduced, watermarked signal and a first remainder signal.

FIG. 3 is a functional block diagram for an embodiment of the presentinvention which illustrates the generation of an output signal comprisedof a data-reduced, watermarked signal and a watermarked, first remaindersignal.

FIG. 4 is a functional block diagram for decoding the output signalgenerated by the system illustrated in FIG. 2.

FIG. 5 is a functional block diagram for decoding the output signalgenerated by the system illustrated in FIG. 3.

FIG. 6 is a functional block diagram for an embodiment of the presentinvention which illustrates the generation of an output signal comprisedof a data-reduced, scrambled signal and a first remainder signal.

FIG. 7 is a functional block diagram for an embodiment of the presentinvention which illustrates the generation of an output signal comprisedof a data—reduced, scrambled signal and a scrambled, first remaindersignal.

FIG. 8 is a functional block diagram for decoding the output signalgenerated by the system illustrated in FIG. 6.

FIG. 9 is a functional block diagram for decoding the output signalgenerated by the system illustrated in FIG. 7.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The embodiments of the present invention and its advantages are bestunderstood by referring to the drawings, like numerals being used forlike and corresponding parts of the various drawings.

An Overview

A system for achieving multiple levels of data reduction is illustratedin FIG. 1.

An input signal 10 (for example, instructional text, executable binarycomputer code, images, audio, video, multimedia or even virtual realityimaging) is subjected to a first data reduction technique 100 togenerate a first data reduced signal 20. First data reduced signal 20 isthen subtracted from input signal 10 to generate a first remaindersignal 30.

First data reduced signal 20 is subjected to a second data reductiontechnique 101 to generate a second data reduced signal 21. Second datareduced signal 21 is then subtracted from first data reduced signal 20to generate a second remainder signal 31.

Each of the successive data reduced signals is, in turn, interactivelysubjected to data reduction techniques to generate a further datareduced signal, which, in turn, is subtracted from its respective parentsignal to generate another remainder signal. This process is genericallydescribed as follows. An (n−1) data reduced signal 28 (i.e, a signalthat has been data reduced n−1 times) is subjected to an nth datareduction technique 109 to generate an nth data reduced signal 29. Thenth data reduced signal 29 is then subtracted from the (n−1) datareduced signal 28 to produce an n^(th) remainder signal 39.

An output signal can be generated from the system illustrated in FIG. 1in numerous ways. For example, each of the n remainder signals (which,through represented by reference numerals 30-39, are not intended to belimited to 10 signals though n must obviously be a finite number, and asa practical matter will usually be comparatively small) and the n^(th)data signal may optionally subjected to a watermarking technique, oreven optionally subjected to a encryption technique, and each of the(n+1) signals (whether watermarked or encrypted, or otherwise untouched)may then be added together to form an output signal. By way of moreparticular examples, each of the (n+1) signals (i.e., the n remaindersignals and the n^(th) data reduced signal) can be added togetherwithout any encryption or watermarking to form an output signal; or oneor more of the (n+1) signals may be watermarked and then all (n+1)signals may be added together; or one or more of the (n+1) signals maybe encrypted and then all (n+1) signals may be added together. It isanticipated that between these three extremes lie numerous hybridcombinations involving one or more encryptions and one or morewatermarkings.

Each level may be used to represent a particular data density. E.g., ifthe reduction method is down-sampling, for a DVD audio signal the firstrow would represent data sampled at 96 kHz, the second at 44.1 kHz., thethird at 6 kHz., etc. There is only an issue of deciding whatperformance or security needs are contemplated when undertaking the datareduction process and choice of which types of keys or key pairs shouldbe associated with the signal or data to be reduced. Further securitycan be increased by including block ciphers, special one way functions,one time stamps or even biometric devices in the software or hardwaredevices that can be embodied. Passwords or biometric data are able toassist in the determination of the identity of the user or owner of thedata, or some relevant identifying information.

A variety of keys may advantageously be chosen. Additionally, any key orkeys employed need not remain static over time but may be changed fromtime to time. For instance, the key may be changed in real time, or upondetection of a “marker” signal within the data signal stream. The keycan also be a ciphered key. As is known in the art, the key or keys maybe generated by any of a variety of effective methods, includingsteganographic cipher, symmetric cryptographic cipher, and asymmetriccryptographic cipher. Keys may be derived (in whole or in part) from thesignal stream itself or may be derived from sources completely externalto the signal stream.

Additionally, and given that information signals may comprise a varietyof forms of information (e.g., audio, still image, video, computer code,or text), it is appreciated that a single multimedia information signalstream may be divided into multiple substreams based on the variousconstituent information forms in the multimedia information stream. Itcould be advantageous, in such a substreamed context, to associatepredetermined discrete, and particular, forms or instances of key or keypair to particular information substreams—for instance, a predeterminedfirst key or key pair could be assigned for association and use with avideo substream whereas a predetermined second key or key pair could beassigned for association and use with a text substream. Thus, complexwatermarking of a multi-substream data signal may be flexiblyaccomplished. Such complexity may contribute, inter alia, to moreeffective watermarking and security as multiple watermarks would have tobe compromised in order to compromise the entire aggregate informationstream or set of substreams. Keys and key pairs are understood to bemultifunctional, insofar as they are useful for both the encoding anddecoding of watermarks.

An example of a real world application is helpful here. Given thepredominant concern, at present, of MPEG 1 Layer 3, or MP3, a perceptuallossy compression audio data format, which has contributed to a dramaticre-evaluation of the distribution of music, a digital watermark systemmust be able to handle casual and more dedicated piracy in a consistentmanner. The present invention contemplates compatibility with MP3, aswell as any perceptual coding technique that is technically similar. Oneissue, is to enable a universal copy control “key” detect a watermark asquickly as possible from a huge range of perceptual quality measures.For instance, DVD 24 bit 96 kHz, encoded watermarks, should be detectedin at least “real time,” even after the signal has been down sampled, tosay 12 kHz of the 96 kHz originally referenced. By delineating andstarting with less data, since the data-reduced signal is obviouslysmaller though still related perceptually to the original DVD signal,dramatic increases in the speed and survival of the universal copycontrol bits can be achieved. The present invention also permits theability to separate any other bits which may be associated with othermore secure predetermined keys or key pairs.

Where the data stream is executable computer code, the present inventioncontemplates breaking the code into objects or similar units offunctionality and allowing for determination of what is functionallyimportant. This may be more apparent to the developer or users of thesoftware or related hardware device. Data reduction through the use of asubset of the functional objects related to the overall functionality ofthe software or executable code in hardware or microchips, increase thecopyright protection or security sought, based on reducing the overalldata to be associated with predetermined keys or key pairs. Similarly,instead of mapping functions, transfer functions, so-called“scrambling,” appear better candidates for this type of securityalthough both mapping and transferring may be used in the same system.By layering the security, the associated keys and key pairs can be usedto substantially improve the security and to offer easier methods forchanging which functional “pieces” of executable computer code areassociated with which predetermined keys. These keys may take the formof time-sensitive session keys, as with transactions or identificationcards, or more sophisticated asymmetric public key pairs which may bechanged periodically to ensure the security of the parties' privatekeys. These keys may also be associated with passwords or biometricapplications to further increase the overall security of any potentialimplementation.

An example for text message exchange is less sophisticated but, if it isa time sensitive event, e.g., a secure communication between twopersons, benefits may also be encountered here. Security may also besought in military communications. The ability to associate the securelyexchanged keys or key pairs while performing data reduction to enhancethe detection or decoding performance, while not compromising the levelof security, is important. Though a steganographic approach to security,the present invention more particularly addresses the ability to havedata reduction to increase speed, security, and performance of a givensteganographic system. Additionally, data reduction affords a morelayered approach when associating individual keys or key pairs withindividual watermark bits, or digital signature bits, which may not bepossible without reduction because of considerations of time or thepayload of what can be carried by the overall data “covertext” beingtransmitted.

Layering through data reduction offers many advantages to those who seekprivacy and copyright protection. Serialization of the detection chipsor software would allow for more secure and less “universal” keys, butthe interests of the copyright owners are not always aligned with thoseof hardware or software providers. Similarly, privacy concerns limit theamount of watermarking that can be achieved for any given application.The addition of a pre-determined and cryptographic key-based “forensic”watermark, in software or hardware, allows for 3rd party authenticationand provides protection against more sophisticated attacks on the copycontrol bits. Creating a “key pair” from the “predetermined” key is alsopossible.

Separation of the watermarks also relates to separate design goals. Acopy control mechanism should ideally be inexpensive and easilyimplemented, for example, a form of “streamed watermark detection.”Separating the watermark also may assist more consistent application inbroadcast monitoring efforts which are time-sensitive and ideallyoptimized for quick detection of watermarks. In some methods, thestructure of the key itself, in addition to the design of the “copycontrol” watermark, will allow for few false positive results whenseeking to monitor radio, television, or other streamed broadcasts(including, for example, Internet) of copyrighted material. As well,inadvertent tampering with the embedded signal proposed by others in thefield can be avoided more satisfactorily. Simply, a universal copycontrol watermark may be universal in consumer electronic and generalcomputing software and hardware implementations, but less universal whenthe key structure is changed to assist in being able to log streaming,performance, or downloads, of copyrighted content. The embedded bits mayactually be paired with keys in a decode device to assure accuratebroadcast monitoring and tamper proofing, while not requiring awatermark to exceed the payload available in an inaudible embeddingprocess. E.g., A full identification of the song, versus time-baseddigital signature bits, embedded into a broadcast signal, may not berecovered or may be easily over encoded without the use of blockciphers, special one way functions or one time pads, during the encodingprocess, prior to broadcast. Data reduction as herein disclosed makesthis operation more efficient at higher speeds.

A forensic watermark is not time sensitive, is file-based, and does notrequire the same speed demands as a streamed or broadcast-baseddetection mechanism for copy control use. Indeed, a forensic watermarkdetection process may require additional tools to aid in ensuring thatthe signal to be analyzed is in appropriate scale or size, ensuringsignal characteristics and heuristic methods help in appropriaterecovery of the digital watermark. Simply, all aspects of the underlyingcontent signal should be considered in the embedding process because thewatermarking process must take into account all such aspects, includingfor example, any dimensional or size of the underlying content signal.The dimensions of the content signal may be saved with the key or keypair, without enabling reproduction of the unwatermarked signal.Heuristic methods may be used to ensure the signal is in properdimensions for a thorough and accurate detection authentication andretrieval of the embedded watermark bits. Data reduction can assist inincreasing operations of this nature as well, since the data reductionprocess may include information about the original signal, for example,signal characteristics, signal abstracts, differences between samples,signal patterns, and related work in restoring any given analogwaveform.

The present invention provides benefits, not only because of thekey-based approach to the watermarking, but the vast increase inperformance and security afforded the implementations of the presentinvention over the performance of other systems.

The architecture of key and key-pair based watermarking is superior tostatistical approaches for watermark detection because the first methodmeets an evidentiary level of quality and are mathematically provable.By incorporating a level of data reduction, key and key paired basedwatermarking is further improved. Such levels of security are plainlynecessary if digital watermarks are expected to establish responsibilityfor copies of copyrighted works in evidentiary proceedings. Moresophisticated measures of trust are necessary for use in areas whichexceed the scope of copyright but are more factually based in legalproceedings. These areas may include text authentication or softwareprotection (extending into the realm of securing microchip designs andcompiled hardware as well) in the examples provided above and are notcontemplated by any disclosure or work in the art.

The present invention may be implemented with a variety of cryptographicprotocols to increase both confidence and security in the underlyingsystem. A predetermined key is described as a set of masks: a pluralityof mask sets. These masks may include primary, convolution and messagedelimiters but may extend into additional domains. In previousdisclosures, the functionality of these masks is defined solely formapping. Public and private keys may be used as key pairs to furtherincrease the unlikeliness that a key may be compromised. Examples ofpublic key cryptosystems may be found in the following U.S. Pat. Nos.4,200,770; 4,218,582; 4,405,829; and 4,424,414, which examples areincorporated herein by reference. Prior to encoding, the masks describedabove are generated by a cryptographically secure random generationprocess. Mask sets may be limited only by the number of dimensions andamount of error correction or concealment sought, as has been previouslydisclosed.

A block cipher, such as DES, in combination with a sufficiently randomseed value emulates a cryptographically secure random bit generator.These keys, or key pairs, will be saved along with information matchingthem to the sample stream in question in a database for use insubsequent detection or decode operation. These same cryptographicprotocols may be combined with the embodiments of the present inventionin administering streamed content that requires authorized keys tocorrectly display or play said streamed content in an unscrambledmanner. As with digital watermarking, symmetric or asymmetric public keypairs may be used in a variety of implementations. Additionally, theneed for certification authorities to maintain authentic key-pairsbecomes a consideration for greater security beyond symmetric keyimplementations, where transmission security is a concern.

Signal Processing in a Multi-Watermark System (a Plurality of StreamsMay be Watermarked)

FIG. 2 illustrates a system and method of implementing amultiple-watermark system. An input signal 11 (e.g., binary executablecode, instruction text. or other data), is first processed by a lossydata-reduction scheme 200 (e.g., down-sampling, bit-rate reduction, orcompression method) to produced a data-reduced signal 40. Data-reducedsignal 40 is then embedded with a watermark (process step 300) togenerate a watermarked, data-reduced signal 50, while a copy of theunmarked, data-reduced signal 40 is saved.

Watermarking process step 300 may be chosen from among variouswatermarking processes known in the art. As an example, a digital audiodata signal may be represented, for purpose of watermarking, by a seriesof samples in 1 dimension. {S₁, S₂, S₃ . . . S_(n)}. This series is alsoreferred to as a sample stream. The sample stream approximates an analogwaveform of sound amplitude over time. Each sample represents anestimate of the wave amplitude at the instant of time the sample isrecorded. For monaural audio, there is one such sample stream. Stereoaudio is comprised of two sample streams, one representing the rightchannel, and the other representing the left. Each stream is used todrive a corresponding speaker to reproduce the stereo sound. What isreferred to as CD quality audio is characterized by 16 bit (2 byte)stereo samples, recorded at 44.1 Khz, or 44,100 samples per second ineach channel. The dynamic range of sound reproduction is directlyproportional to the number of bits per sample. Some lower qualityrecordings are done at 8 bits. A CD audio recording can be stored usingany scheme for containing the 2 sample streams in their entirety. Whenthese streams are played back at the same frequency they were recordedat, the sound recorded is reproduced to a high degree of accuracy. Thesample stream is processed in order from first sample to last. For thepurpose of the invention disclosed, the stream is separated into samplewindows, each of which has a fixed number of consecutive samples fromthe stream, and where windows do not overlap in the sample stream.Windows may be contiguous in the sample stream. For illustration, assumeeach window contains 128 samples, and that windows are contiguous. Thus,the windows within the stream look like

{>S₁, S₂, S₃ . . . S₁₂₈!, >S₁₂₉, S₁₃₀, S₁₃₁ . . . S₂₅₆! . . . >S_(n−128). . . S_(n)!}

wherein the bracketed set > . . . ! denotes each window and any oddsamples at the end of the stream which do not completely fill a windowcan be ignored, and simply passed through the system unmodified.

These windows will be used as input for the discrete Fast FourierTransform (and its inverse) operation. Briefly, Fourier Transformmethods are based on the principle that a complex waveform, expressed asamplitude over time and represented by a sample stream, is really thesum of a number of simple waveforms, each of which oscillates atdifferent frequencies. By complex, it is meant that the value of thenext sample is not easily predicted from the values of the last Nsamples or the time of the sample. By simple it is meant that the valueof the sample is easily predictable from the values of the last Nsamples and/or the time of the sample.

The sum of multiple simple waves is equivalent to the complex wave. Thediscrete FFT and its inverse simply translate a limited amount of datafrom one side of this equivalence to the other, between the complexwaveform and the sum of simple waves. The discrete FFT can be used totranslate a series of samples representing amplitude over time (thecomplex wave, representing a digital audio recording) into the samenumber of samples representing total spectral energy in a given range offrequencies (the simple wave components) at a particular instant oftime. This instant is the time in the middle of the originalamplitude/time samples. The inverse discrete FFT translates the data inthe other direction, producing the complex waveform, from its simplerparts.

Each 128 sample window will be used as an input to the discrete FFT,resulting in 128 bins representing each of 128 frequency bands, rangingfrom 0 Hz to 22 Khz (the Nyquist frequency, or ½ the sampling rate).

Information can be encoded into the audio signal in the frequency domainor in the time domain. In the latter case, no FFT or inverse FFT isnecessary. However, encoding in the frequency domain is recommended,since its effects are scattered over the resultant time domain samples,and not easily predicted. In addition, frequency domain encoding makesit more likely that randomization will result in noticeable artifacts inthe resultant signal, and therefore makes the stega-cipher moredefensible against such attacks. It is in the frequency domain thatadditional information will be encoded into the audio signal for thepurpose of this discussion. Each frequency band in a given time slicecan potentially be used to store a small portion of some additionalinformation to be added to the signal. Since these are discreteestimates, there is some room for error which will not significantlyeffect the perceived quality of the signal, reproduced aftermodification, by the inverse FFT operation. In effect, intentionalchanges, which cannot be distinguished from random variations, areintroduced in the frequency domain, for the purpose of storingadditional information in the sample stream. These changes are minimizedso as not to adversely affect the perceived quality of the reproducedaudio signal, after it has been encoded with additional information inthe manner described below. In addition, the location of each of thesechanges is made virtually impossible to predict, an innovation whichdistinguishes this scheme from simple steganographic techniques.

The saved, unwatermarked data-reduced signal (signal 40) is subtractedfrom the original input signal 11, yielding a remainder signal 60composed only of the data that was lost during the data-reduction. Asecond watermark is then applied using a desired watermarking protocol(process step 301) to remainder signal 60 to generate a watermarkedremainder signal 70. Finally, the watermarked remainder 70 and thewatermarked, data-reduced signal 50 are added to form an output signal80, which is the final, full-bandwidth, output signal.

The two watermarking techniques (process steps 300 and 301) may beidentical (i.e., be functionally the same), or they may be different.

To decode the signal, a specific watermark is targeted. Duplicating thedata-reduction processes that created the watermark in some cases can beused to recover the signal that was watermarked. Depending upon thedata-reduction method, it may or may not be necessary to duplicate thedata-reduction process in order to read a watermark embedded in aremainder signal. Because of the data-reduction, the decoding search canoccur much faster than it would in a full-bandwidth signal. Detectionspeed of the remainder watermark remains the same as if there were noother watermark present.

FIG. 4 illustrates a functional block diagram for one means of decodingthe output signal generated by the system illustrated in FIG. 2. Asignal to be analyzed 80 (e.g., the same output from FIG. 2) isprocessed by a data-reduction scheme 200. Data reduced signal 41 canthen be decoded to remove the message that was watermarked in theoriginal data reduced signal. Further, data reduced signal 41 can besubtracted from signal to be analyzed 80 to form a differential signal61 which can then be decoded to remove the message that was watermarkedin the original remainder signal. A decoder may only be able to performone of the two decodings. Differential access and/or different keys maybe necessary for each decoding.

Additionally, the watermarking described in connection with thisembodiment above may be done with a plurality of predetermined keys orkey pairs associated with a single watermark “message bit,” code object,or text. Keys or key pairs may also be stored or archived in a centralcertification authority, such that there will be a verified and officialversion of a particular key or key pair whenever access to such key orkey pair, or verification or identification of the legitimacy andauthorization of the use of a particular data signal or file associatedwith that key, is required. The central certification authority couldbe, for instance, a secure computer server archive maintained by acopyright holder to store keys relating to copyrighted files watermarkedusing such keys.

Signal Processing in a Single Watermark System

FIG. 3 illustrates a system and method of implementing a singlewatermark system. The process and system contemplated here is identicalto process described in connection to FIG. 2, above, except that nowatermark is embedded in the remainder signal. Hence, the watermarked,data-reduced signal 50 is added directly to the remainder signal 60 togenerate an output signal 90.

Additionally, the watermarking described in connection with thisembodiment above may be done with a plurality of predetermined keys orkey pairs associated with a single watermark “message bit,” code object,or text.

In either process, an external key can be used to control the insertionlocation of either watermark. In a copy-control system, a key is notgenerally used, whereas in a forensic system, a key must be used. Thekey can also control the parameters of the data-reduction scheme. Thedual scheme can allow a combination of copy-control and forensicwatermarks in the same signal. A significant feature is that thecopy-control watermark can be read and rewritten without affecting theforensic mark or compromising its security.

FIG. 5 illustrates a functional block diagram for one means of decodingthe output signal generated by the system illustrated in FIG. 3. Asignal to be analyzed 90 (e.g., the same output from FIG. 3) isprocessed by a data-reduction scheme 200. Data reduced signal 41 canthen be decoded to remove the message that was watermarked in theoriginal data reduced signal.

Signal Processing in a Multi-Scrambler System (a Plurality of StreamsMay be Scrambled)

FIG. 6 illustrates a system and method of implementing a multi-scramblersystem. An input signal 12 (e.g., binary executable code, instructiontext. or other data), is first processed by a lossy data-reductionscheme 400 (e.g., down-sampling, bit-rate reduction, or compressionmethod) to produced a data-reduced signal 45. Data-reduced signal 45 isthen scrambled using a first scrambling technique (process step 500) togenerate a scrambled, data-reduced signal 55, while a copy of theunscrambled, data-reduced signal 45 is saved.

The saved, unscrambled data-reduced signal (signal 45) is subtractedfrom the original input signal 12, yielding a remainder signal 65composed only of the data that was lost during the data-reduction. Asecond scrambling technique is then applied (process step 501) toremainder signal 65 to generate a scrambled remainder signal 75.Finally, the scrambled remainder signal 75 and the scrambleddata-reduced signal 55 are added to form an output signal 85, which isthe final, full-bandwidth, output signal.

The two scrambling techniques (process steps 500 and 501) may beidentical (i.e., be functionally the same), or they may be different.

Additionally the scrambling described in connection with this embodimentmay be done with a plurality of predetermined keys or key pairsassociated with a single scrambling operation containing only a “messagebit,” code object, or text.

To decode the signal, unscrambling follows the exact pattern of thescrambling process except that the inverse of the scrambling transferfunction is applied to each portion of the data, thus returning it toits pre-scrambled state.

FIG. 8 illustrates a functional block diagram for one means of decodingthe output signal generated by the system illustrated in FIG. 6. Asignal to be analyzed 85 (e.g., the same output from FIG. 6) isprocessed by a data-reduction scheme 200. Data reduced signal 46 can besubtracted from signal to be analyzed 85 to form a differential signal66, which signal can then be descrambled in process 551 using theinverse transfer function of the process that scrambled the originalremainder signal (e.g., the inverse of scrambling process 501).Descrambling process 551 generates an descrambled signal 76. Datareduced signal 46 may further be descrambled in process 550 using theinverse transfer function of the process that scrambled the originaldata reduced signal (e.g., the inverse of scrambling process 500).Descrambling process 550 generates an descrambled signal 56, which maythen be added to descrambled signal 76 to form an output signal 98.

Signal Processing in a Single Scrambling Operation

FIG. 7 illustrates a system and method of implementing a singlescrambling system. The process and system contemplated here is identicalto process described in connection to FIG. 6, above, except that noscrambling is applied to the remainder signal. Hence, the scrambleddata-reduced signal 55 is added directly to the remainder signal 65 togenerate an output signal 95.

Additionally the scrambling described in connection with this embodimentmay be done with a plurality of predetermined keys or key pairsassociated with a single scrambling operation containing only a “messagebit,” code object, or text.

FIG. 9 illustrates a functional block diagram for one means of decodingthe output signal generated by the system illustrated in FIG. 7. Asignal to be analyzed 95 (e.g., the same output from FIG. 7) isprocessed by a data-reduction scheme 200. Data reduced signal 46 can besubtracted from signal to be analyzed 95 to form a differential signal66. Data reduced signal 46 may further be descrambled in process 550using the inverse transfer function of the process that scrambled theoriginal data reduced signal (e.g., the inverse of scrambling process500). Descrambling process 550 generates an descrambled signal 56, whichmay then be added to differential signal 66 to form an output signal 99.

Sample Embodiment Combinations

Another embodiment may combine both watermarking and scrambling withdata reduction. Speed, performance and computing power may influence theselection of which techniques are to be used. Decisions between datareduction schemes ultimately must be measured against the types of keysor key pairs to use, the way any pseudo random or random numbergeneration is done (chaotic, quantum or other means), and the amount ofscrambling or watermarking that is necessary given the needs of thesystem. It is quite possible that some derived systems would yield afairly large decision tree, but the present invention offers manybenefits to applications in security that are not disclosed in the art.

As a further illustrative example of an advantageous embodiment, thefollowing briefly describes an implementation of the present inventionusing sample rate reduction as the chosen data reduction method forwatermarking in connection with an audio data signal.

I. Encoding:

-   -   Audio data is downsampled from the original sample rate to 10        kHz.    -   The 10 kHz signal is upsampled to the original sample rate,        yielding the 10 kHz upsample.    -   The 10 kHz upsample is subtracted from the original, yielding        the 10 kHz upsample difference.    -   The 10 kHz signal is downsampled to 5 kHz.    -   The 5 kHz signal is upsampled to the 10 kHz, yielding the 5 kHz        upsample.    -   The 5 kHz upsample is subtracted from the 10 kHz signal,        yielding the 5 kHz upsample difference.    -   The 5 kHz signal is marked with an open watermark (universal key        for universal access), yielding the 5 kHz watermark.    -   The 5 kHz upsample difference is marked with a secure watermark        (one key per encode), yielding the 10 kHz watermark.    -   The 5 kHz watermark is upsampled to 10 kHz, yielding the 5 kHz        upsampled watermark.    -   The 5 kHz upsampled watermark is summed with the 10 kHz        watermark, to yield the 10 kHz watermark sum.    -   The 10 kHz watermark sum is upsampled to the original sample        rate, yielding the 10 kHz upsampled watermark.    -   The 10 kHz upsampled watermark is summed with the 10 kHz        upsample difference to produce the output signal.

II(A). Decoding Both Watermarks, or Just the Secure Watermark:

-   -   Audio data is downsampled from the original sample rate to 10        kHz.    -   The 10 kHz signal is downsampled to 5 kHz.    -   The 5 kHz signal is upsampled to the 10 kHz, yielding the 5 kHz        upsample.    -   The 5 kHz upsample is subtracted from the 10 kHz signal,        yielding the 5 kHz upsample difference.    -   The open watermark is decoded from the 5 kHz.    -   The secure watermark is decoded from the 5 kHz upsample.

IIB. Decoding Just the Open Watermark:

-   -   Audio data is downsampled from the original sample rate to 5        kHz.    -   The open watermark is decoded from the 5 kHz.

In connection with the above-described embodiment, alternative step IIBis illustrated because decoding the open watermark may have to occur onconsumer electronic devices, and therefore, generally, fewer processingsteps may be desirable in consumer electronic devices. The securewatermark is not as time-critical during the decode process, and cantherefore be afforded more processing time. Note further that theoriginal sample rate during the encode does not have to be the same asthe original sample rate for decode. Any intervening sample rateconversion will be ignored, as long as it never drops below the samerate of the signal to which the watermark is applied (for example, 10kHz for the secured watermark of the prior example, or 5 kHz for theopen watermark of the prior example).

The embodiments described herein may advantageously be implemented inconnection with a data signal recipient's personal computer system orworkstation (comprising a computer processor such as an Intel Pentiumprocessor, spreadsheet software such as Microsoft Excel, andimplementing a communications module such as a common web browser suchas Internet Explorer or Netscape), linked by a World Wide Web connectionto a data signal or file provider utilizing similar standard computerhardware and software, but may also be implemented in connection withany output device having appropriate electronic memory and/or processingcapacity to implement the techniques set forth herein (which couldinclude, for instance, consumer electronics output devices other thanmicrocomputers). Because the digital watermarking techniques and systemsdisclosed herein are substantially universal, however, they may beapplied across a variety of computer hardware and softwareconfigurations, for use with a variety of transmitted data signals orfiles, over a variety of public or private networks (although theutility of the present invention for digital watermarking of audio orvideo files transmitted over public networks such as the interne isobvious). The network communication link between the data signal/filerecipient and the signal/file provider may further be provided with somenetwork-default level of encryption (perhaps a relatively weak levelsuch as 56 bit encryption). Similarly, known computer programmingtechniques and languages (for instance, Visual Basic, JAVA, C++) may beadapted in a variety of fashions for use in either the data reductionsteps discussed herein, the cryptographic/scrambling processesdisclosed, the specific watermarking techniques applied, or anycombination of the above, for customized data reduction and digitalwatermarking, and output of an output signal, in the fashion mostamenable to a particular user's needs. The ability to adapt a wide rangeof data processing algorithms (including but not limited to algorithmsfor data reduction, encryption/decryption, and compression) to yieldvarious desired data signal outputs, to apply customizable digitalwatermarking procedures, and to allow customizable andmaximally-efficient forensic or copy control watermarks to popular anduseful data transmission protocols, all across a broad range of computersystem platforms (i.e., various hardware, software, computer language,and operating system combinations) provides the present invention withconsiderable versatility.

The present invention as implemented with such computer systems permitssecured delivery of valuable data streams over a variety of networks.Specifically, the present invention provides great utility for thedelivery (commercial or otherwise) of video, audio, or other such fileson media or over a public network such as the internet in a fashion thatimpedes theft or unauthorized use or resale of such files. For instance,the methods of the present invention could be applied to all thedigitized commercial music files of a music vendor (to impose, forinstance, a copy control watermark thereupon). Subsequently, thosewatermarked music files may be delivered to end users. End user attemptsto make unauthorized copies can thus be controlled. Alternatively,output devices may be programmed to detect watermarks embedded in filesby use of the present invention, such that if the file does not containan appropriate watermark, the output device will not execute or “play”the file.

It is important to note that the watermarks embedded using the presentinvention may be embedded at a wide variety of points along thedistribution chain for the data signals. For instance, in an embodimentin which the present invention is used to watermark commercial music orvideo files downloaded by an individual end user from a central serverover an internet connection through an internet service provider, thepresent invention could be used to impose a forensic watermark (uniquelyidentifying the customer and download transaction) at the central server(or at the server of the internet service provider). When a suspectedunauthorized copy of the file in question was detected, the watermarktherein could be sensed/decoded in order to identify the source of theunauthorized copy. As has been emphasized, the techniques of the presentinvention may be applied to a wide variety of data signals, whetherstored multimedia or computer code files, streamed files transmitted inreal time, or other files or data signals, and may be applied incontext-sensitive fashion to maximize protection (and effective signaltransmission and output) for a particular data stream. It is also anaspect of this invention that the novel techniques for watermarkingusing data reduction herein can be exploited at the end user point ofthe distribution chain for data signals; that is, using the uniquewatermark/key information associated with a file watermarked using thetechniques described hereinabove, a file may be analyzed (whether byrepresentatives of a file copyright owner, for instance, or by hardware,software, or other appropriate analyzer, such as an embedded firmwarechip, etc. contained in or supplied to an end user output device). Oncethe data signal is analyzed at the end user point, information relativeto the any watermark or key actually contained on the file at that pointmay be derived and analyzed to determine if the file has been properlydistributed to the end user. If it has not, the output device may beprogrammed to deny output or to manipulate the data signal in adestructive way (or to take other appropriate legal or copyright controlaction as may be desired by the file owner). The present inventionincludes such uses of (and devices for) data reduction-derived watermarkdetection and output control.

Those of ordinary skill in the art will appreciate that the foregoingdiscussion of certain preferred embodiments is illustrative only, anddoes not limit the spirit and scope of the present invention, which arelimited only by the claims set forth below.

1-108. (canceled)
 109. A system for securing a data signal comprising: afirst processor coupled to a memory to apply a data reduction techniqueto reduce the data signal into a reduced data signal; a subtractor tosubtract said reduced data signal from the data signal to produce aremainder signal; a second processor to apply a first cryptographictechnique to encrypt the reduced data signal to produce an encrypted,reduced data signal; a third processor apply a second cryptographictechnique to encrypt the remainder signal to produce an encryptedremainder signal; and an adder to add said encrypted, reduced datasignal to said encrypted remainder signal to produce an output signal.110. The system of claim 109, wherein the first, second and thirdprocessors are comprised of one, two or three separate processors. 111.The system of claim 109, wherein the memory contains a copy of the datasignal and the subtractor to subtract the reduced data signal to producea remainder signal uses the memory copy of the data signal for thesubtraction.
 112. The system of claim 109, wherein at least one of saidsecond and third processors to apply a first and second cryptographictechnique utilizes a watermarking technique for encoding a digitalwatermark in a signal.
 113. The system of claim 109, wherein at leastone of said second and third processors to apply a first and secondcryptographic technique utilizes a scrambling technique.
 114. The systemof claim 109, wherein the data reduction technique comprises a datacompression technique.
 115. The system of claim 114, wherein the datacompression technique comprises selective sampling of the data signal ina domain selected from the group comprising the time domain, bit depthdomain, and the frequency domain.
 116. A system for securing a datasignal comprising the steps of: an analyzer for evaluating the datasignal to determine its characteristics and reducibility; a selector forselecting at least one appropriate data reduction technique for the datasignal; a processor coupled to a memory to apply said at least oneappropriate data reduction technique; an encoder for encoding at leastone digital watermark in the data signal or data reduced signal; and anoutput for supplying an output signal corresponding to the data signal.117. The system of claim 116, wherein the analyzer analytically splitsthe data signal into a plurality of discrete data substreams; andwherein the processor applies the appropriate data reduction techniqueselected for at least one of the plurality of data substreams.
 118. Thesystem of claim 116, wherein the appropriateness of the at least onedata reduction technique is determined by the selector with reference todata signal characteristics selected from at least one of: (a) desiredoutput quality for said output signal; (b) desired data reduction ratio;(c) audio character of data; (d) video character of data; (e) textcharacter of data; (f) executable software character of data.
 119. Thesystem of claim 117, wherein the appropriateness of said at least onedata reduction technique is determined by the selector with reference todata signal or data substream characteristics selected from at least oneof: (a) desired output quality for said output signal; (b) desired datareduction ratio; (c) audio character of data; (d) video character ofdata; (e) text character of data; (f) executable software character ofdata.
 120. The system of claim 117, wherein a different appropriate datareduction technique is chosen by the selector for each of the pluralityof data substreams.
 121. The system of claim 117, further comprising thesteps of performing upon at least one of said data substreams by theprocessor: (a) a scrambling technique; (b) an encryption technique. 122.The system of claim 121, wherein at least one of said steps ofwatermarking, scrambling, or encrypting by the processor comprisesapplying at least one cryptographic key.
 123. The system of claim 122,wherein said at least one cryptographic key is derived at least in partfrom the data signal.
 124. The system of claim 122, wherein said atleast one cryptographic key is not derived from the data signal.
 125. Asystem for protected distribution of a data file comprising: (a) anencoder for encoding one or more digital watermarks in the data fileusing data reduction techniques in creating said digital watermark,wherein the use of data reduction techniques comprises creation of areduced portion of the data file and a remainder portion of the datafile; (b) and a transmission device for distributing the digitallywatermarked file to an end user.
 126. The system of claim 125, whereinboth the reduced portion and the remainder portion of the data file areembedded by the encoder with said one or more digital watermarks. 127.The system of claim 126, wherein said watermarked, reduced portion isrecombined with said watermarked, remainder portion of said data file bythe adder to produce an output signal.
 128. The system of claim 125,wherein said step of encoding said one or more digital watermarks in thedata file with the encoder is performed on a central computer server andsaid watermarked data file is subsequently transmitted to an end useroutput device.
 128. The system of claim 128, wherein said step ofdistributing with a transmission device comprises distributing over apublic data network.
 129. The system of claim 129, wherein said publicdata network comprises the internet.
 130. The system of claim 125,further comprising the step of supplying the end user with a detectorfor detecting information about said digital watermark.
 131. The systemof claim 125, wherein said data file comprises a file selected from thegroup containing music files, audio files, video files, still imagefiles, streaming media files, and executable computer software files.132. The system of claim 125, wherein at least one of said digitalwatermarks created using data reduction comprises a universal copycontrol watermark for prevention of unauthorized data file copying. 133.The system of claim 125, wherein at least one of said digital watermarkscreated using data reduction comprises a forensic watermark for tracingof historical data regarding the distribution history of the data file.